CVE-2020-4686
Description
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Spectrum Virtualize 8.3.1 LDAP authentication flaw allows remote authenticated users to escalate privileges and perform unauthorized actions.
Vulnerability
IBM Spectrum Virtualize 8.3.1, including SAN Volume Controller and Storwize Family, has a vulnerability in LDAP authentication that allows a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. The vulnerability is due to improper handling of the LDAP authentication cache [1].
Exploitation
An attacker must have a valid LDAP account and network access to the vulnerable system. The attack complexity is high (AC:H) as per CVSS 3.0. No user interaction is required. The attacker can exploit the flaw by leveraging the LDAP authentication cache mechanism to gain elevated privileges [1].
Impact
Successful exploitation can lead to unauthorized access with high confidentiality and integrity impact, potentially allowing the attacker to read or modify data they should not have access to. Availability is not affected (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) [1].
Mitigation
As a workaround, the LDAP authentication cache can be disabled by running the CLI command chldap -authcacheminutes 0 as a user with the SecurityAdmin role. This prevents exploitation but may increase LDAP server load. IBM recommends re-enabling the cache after upgrading to a fixed version. The permanent fix is to upgrade to a later code level that addresses the issue; users should consult the IBM support page for the latest updates [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =8.3.1
- IBM/SAN Volume Controller and Storwize Family v5 Range: 8.3.1
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/186678 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6260199 (mitre, x_refsource_CONFIRM)